Draft: Add JavaScript config example to README #18
base: main
Conversation
…a11y#177)
* Update integration tests to support all platforms, including Windows
* Add Windows and Mac to test matrix, matching pa11y
* Add publishing workflow
* Trigger on push to `main` instead of `master`
* Test for all pull request targets
* Always run linter
* Fix node-version variable name
* Require `pa11y-lint-config@^3.0.0`
* Fix outdated GitHub repo names
* Limit Ubuntu support to `20.04` for `pa11y-ci@3`
* Add a note for the Pa11y CI issue in Ubuntu
* Remove broken dependencies badge
* Remove table of contents since GitHub attempts to provide one
* Clarify Node support for `pa11y-ci@3` as `12`, `14`, `16`
* Provide an example for `--config`, other tweaks
* Revise sitemaps, reporters, contributing
* Apply new support policy and update table
* Upgrade `pa11y` to `^6.2.3` from `~6.1`, following on from pa11y#179
  Co-Authored-By: Aaron Goldenthal <[email protected]>
* Update `async` to `~2.6.4` as shown in pa11y#185; lockfile was already there
  Co-Authored-By: nicodemuz <[email protected]>
* Switch publisher back to `ubuntu-20.04`
* Replace Travis badge with GitHub Actions badge
* Update `.editorconfig` to match other Pa11y repos
* Set `package.engines.node` to warn outside Node 12-16
* Add `.nvmrc` and set to `14` (12 doesn't run well on Apple Silicon)
* Fix `lockfile-version` as `3`, upgrade lockfile from `1` to `3`
* Fix Markdown issues and gremlins
* Remove unused link definitions
* Use more detail to describe Ubuntu issue affecting Pa11y CI 3
* Revert "Fix `lockfile-version` as `3`, upgrade lockfile from `1` to `3`"
  This reverts commit b9f1af2.
* Fix `lockfile-version` to `2`, retaining compatibility with npm 6 (Node 12's bundled npm)
* Move glob readme URL into footnotes
* Tie together the two lines describing the `object` form of the URL
* Fix link definition for `ubuntu-fix`
* Add Node versions `18` and `20` to test matrix
* Return `engines.node` to `>= 12`, but emphasise the Ubuntu caveat
* Update the documented output of `pa11y-ci --help` to match its current form
* Remove double-mention of npm commands
* Settle on lower-case for OS names
* Unquote simple strings
* Move linting into its own job
* Allow `fail-fast` now that tests are stabilising and linting is separated
* Add placeholder to changelog for `3.1`
* Fix list indentation in contributing guide
* Improve run names inside `test`
* Double integration test timeout to preempt locally observed flake
* Remove Markdown note now that the Ubuntu note has its own section
* Garden the readme
* Replace v3 asterisk with named 'Ubuntu caveat'
* Revert "Allow `fail-fast` now that tests are stabilising and linting is separated"
  This reverts commit bd5a094.

---------

Co-authored-by: Aaron Goldenthal <[email protected]>
Co-authored-by: nicodemuz <[email protected]>
Updated dependencies detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues detected. Learn more about Socket for GitHub

To accept the risk, merge this PR and you will not be notified again.

Next steps

What is dynamic require?
Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution. Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

What is environment variable access?
Package accesses environment variables, which may be a sign of credential stuffing or data theft. Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.

What is filesystem access?
Accesses the file system, and could potentially read sensitive data. If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

What is eval?
Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior. Avoid packages that use eval, since this could potentially execute any code.

What is a mixed license?
(Experimental) Package contains multiple licenses. A new version of the package should be published that includes a single license. Consumers may seek clarification from the package author. Ensure that the license details are consistent across the LICENSE file, package.json license field and license details mentioned in the README.

What is wrong with semver < v1?
Package is not semver >=1. This means it is not stable and does not support ^ ranges. If the package sees any general use, it should begin releasing at version 1.0.0 or later to benefit from semver.

What are unmaintained packages?
Package has not been updated in more than a year and may be unmaintained. Problems with the package may go unaddressed. Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
2b1352e to c8d809c
a1dfb9f to ef3f7b6
No description provided.